diff --git a/libreswan-4.15-rereadsecrets.patch b/libreswan-4.15-rereadsecrets.patch
index 35df975..6808ad4 100644
--- a/libreswan-4.15-rereadsecrets.patch
+++ b/libreswan-4.15-rereadsecrets.patch
@@ -1,4 +1,4 @@
-From 7ed158f258e544854e793fa6bd02e86d008f1b92 Mon Sep 17 00:00:00 2001
+From 5d20ce318199d3d525c8503ffc3242a90117a944 Mon Sep 17 00:00:00 2001
 From: Daiki Ueno <dueno@redhat.com>
 Date: Sat, 23 Nov 2024 10:18:03 +0900
 Subject: [PATCH 1/2] secrets: allocate secret_pubkey_stuff separately from
@@ -13,8 +13,8 @@ Signed-off-by: Daiki Ueno <dueno@redhat.com>
  lib/libswan/secrets.c                         | 32 ++++++++++---------
  programs/pluto/ikev2_eap.c                    |  2 +-
  programs/pluto/keys.c                         |  6 ++--
- programs/showhostkey/showhostkey.c            | 31 ++++++++++--------
- 8 files changed, 55 insertions(+), 50 deletions(-)
+ programs/showhostkey/showhostkey.c            | 32 +++++++++++--------
+ 8 files changed, 56 insertions(+), 50 deletions(-)
 
 diff --git a/include/secrets.h b/include/secrets.h
 index 971f559da7..38906bf6ba 100644
@@ -320,7 +320,7 @@ index 81e506556a..37f2408ae3 100644
  	    c->name, type->name);
  	return pks;
 diff --git a/programs/showhostkey/showhostkey.c b/programs/showhostkey/showhostkey.c
-index 8f40b67a62..d873177068 100644
+index 8f40b67a62..7b003365dd 100644
 --- a/programs/showhostkey/showhostkey.c
 +++ b/programs/showhostkey/showhostkey.c
 @@ -172,14 +172,14 @@ static void print(struct secret_stuff *pks,
@@ -404,7 +404,7 @@ index 8f40b67a62..d873177068 100644
  			.kind = type->private_key_kind,
  			.line = 0,
 -			.u.pubkey.private_key = SECKEY_CopyPrivateKey(private_key), /* add reference */
-+			.u.pubkey = &pubkey,
++			.u.pubkey = clone_thing(pubkey, "pubkey"),
  		};
  
 -		type->extract_pubkey_content(&pks.u.pubkey.content, pubk, ckaid_nss);
@@ -412,7 +412,7 @@ index 8f40b67a62..d873177068 100644
  		/*
  		 * Only count private keys that get processed.
  		 */
-@@ -513,8 +516,8 @@ static struct secret_stuff *foreach_nss_private_key(secret_eval func,
+@@ -513,8 +516,9 @@ static struct secret_stuff *foreach_nss_private_key(secret_eval func,
  			break;
  		}
  
@@ -420,14 +420,15 @@ index 8f40b67a62..d873177068 100644
 -		type->free_pubkey_content(&pks.u.pubkey.content);
 +		SECKEY_DestroyPrivateKey(pks.u.pubkey->private_key); /* destory reference */
 +		type->free_pubkey_content(&pks.u.pubkey->content);
++		pfreeany(pks.u.pubkey);
  
  		if (ret < 0) {
  			break;
 -- 
-2.47.0
+2.47.1
 
 
-From 8f0fc5ccf7f770e027f8266f7f825a24f88f150e Mon Sep 17 00:00:00 2001
+From b4102e2243a6513897502113dfbf90fc4ff36323 Mon Sep 17 00:00:00 2001
 From: Andrew Cagney <cagney@gnu.org>
 Date: Fri, 8 Nov 2024 17:45:53 -0500
 Subject: [PATCH 2/2] crypto: refcnt struct secret_pubkey_stuff when passing to
@@ -589,5 +590,5 @@ index 388f57c611..08edf412ee 100644
  	pfreeany(*task);
  }
 -- 
-2.47.0
+2.47.1
 
diff --git a/libreswan.spec b/libreswan.spec
index 8e14cba..da09c43 100644
--- a/libreswan.spec
+++ b/libreswan.spec
@@ -31,7 +31,7 @@ Name: libreswan
 Summary: Internet Key Exchange (IKEv1 and IKEv2) implementation for IPsec
 # version is generated in the release script
 Version: 4.15
-Release: %{?prever:0.}7%{?prever:.%{prever}}%{?dist}
+Release: %{?prever:0.}8%{?prever:.%{prever}}%{?dist}
 License: GPLv2
 Url: https://libreswan.org/
 Source0: https://download.libreswan.org/%{?prever:development/}%{name}-%{version}%{?prever}.tar.gz
@@ -200,6 +200,9 @@ certutil -N -d sql:$tmpdir --empty-password
 %doc %{_mandir}/*/*
 
 %changelog
+* Tue Jan 14 2025 Daiki Ueno <dueno@redhat.com> - 4.15-8
+- showhostkey: fix regression after RHEL-68047 (RHEL-70842)
+
 * Tue Dec 17 2024 Daiki Ueno <dueno@redhat.com> - 4.15-7
 - Remove libreswan-4.15-whack-fd-refcount.patch (RHEL-61461)